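/* SPDX-License-Identifier: GPL-2.0-only */
/*
 * Copyright (C) 2005-2010 IBM Corporation
 *
 * Authors:
 * Mimi Zohar <zohar@us.ibm.com>
 * Kylene Hall <kjhall@us.ibm.com>
 *
 * File: evm.h
 */

#ifndef __INTEGRITY_EVM_H
#define __INTEGRITY_EVM_H

#include <linux/xattr.h>
#include <linux/security.h>

#include "../integrity.h"

/*
 * Initialisation-state flag bits.
 *
 * NOTE(review): presumably these are the bits kept in evm_initialized
 * (declared below) -- confirm against its users.
 */
#define EVM_INIT_HMAC	0x0001	/* presumably: HMAC key set up -- confirm */
#define EVM_INIT_X509	0x0002	/* presumably: X.509 key set up -- confirm */
/*
 * NOTE(review): by its name this bit relaxes protection of metadata updates.
 * This header does not show what sets it or what it permits, so every path
 * able to set it deserves the same scrutiny as key loading -- confirm
 * against the callers.
 */
#define EVM_ALLOW_METADATA_WRITES	0x0004
/*
 * Bit 31.  The literal does not fit in a 32-bit int, so it has unsigned
 * type, while evm_initialized is declared as plain int: test this bit with
 * '&', never with a relational comparison on the whole word.
 */
#define EVM_SETUP_COMPLETE	0x80000000 /* userland has signaled key load */

/* The two key-type bits only. */
#define EVM_KEY_MASK (EVM_INIT_HMAC | EVM_INIT_X509)
/* Union of every initialisation bit defined above. */
#define EVM_INIT_MASK (EVM_INIT_HMAC | EVM_INIT_X509 | EVM_SETUP_COMPLETE | \
		       EVM_ALLOW_METADATA_WRITES)

/*
 * One entry of a linked list of xattr names.
 *
 * NOTE(review): presumably the element type of evm_config_xattrnames, with
 * 'enabled' selecting whether the name is currently protected -- confirm.
 * Ownership and lifetime of 'name' are not visible in this header.
 */
struct xattr_list {
	struct list_head list;	/* list linkage */
	char *name;		/* xattr name */
	bool enabled;
};

extern int evm_initialized;

/*
 * NOTE(review): presumably a bit of evm_hmac_attrs (declared next) that
 * selects the filesystem UUID as an extra HMAC input -- confirm.
 */
#define EVM_ATTR_FSUUID		0x0001

extern int evm_hmac_attrs;

/* List of EVM protected security xattrs */
extern struct list_head evm_config_xattrnames;

/*
 * Digest header followed by IMA_MAX_DIGEST_SIZE bytes of digest storage.
 * __packed removes padding, so digest[] starts directly after hdr.
 *
 * Writers must bound every copy by sizeof(digest).  The length actually in
 * use is presumably recorded in hdr; struct ima_digest_data comes from
 * ../integrity.h and is not visible here -- confirm.
 */
struct evm_digest {
	struct ima_digest_data hdr;
	char digest[IMA_MAX_DIGEST_SIZE];
} __packed;

/*
 * Internal EVM interface.  All functions return int; the convention is not
 * stated in this header (presumably 0 or a negative errno -- confirm against
 * the definitions).
 *
 * req_xattr_value and req_xattr_value_len travel as a pair: the length is
 * the only bound on the value buffer visible at this level.
 */

/* Looks up an xattr name; presumably against evm_config_xattrnames. */
int evm_protected_xattr(const char *req_xattr_name);

int evm_init_key(void);
int evm_update_evmxattr(struct dentry *dentry,
			const char *req_xattr_name,
			const char *req_xattr_value,
			size_t req_xattr_value_len);
/* Result is written to *data, which the caller provides. */
int evm_calc_hmac(struct dentry *dentry, const char *req_xattr_name,
		  const char *req_xattr_value,
		  size_t req_xattr_value_len, struct evm_digest *data);
/* As evm_calc_hmac(), plus 'type'; its meaning is not visible here. */
int evm_calc_hash(struct dentry *dentry, const char *req_xattr_name,
		  const char *req_xattr_value,
		  size_t req_xattr_value_len, char type,
		  struct evm_digest *data);
/*
 * NOTE(review): hmac_val is an output buffer passed without a length.  The
 * size it must have is not stated in this header, so each caller has to be
 * checked against the definition -- confirm.
 */
int evm_init_hmac(struct inode *inode, const struct xattr *xattrs,
		  char *hmac_val);
int evm_init_secfs(void);

#endif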